Category: Tips

Categories
Tips

How to Conduct an Effective Cybersecurity Risk Assessment

In today’s digital landscape, it is not a question of if an organization will experience a cyber risk, but when. It is therefore essential for anyone working in information security to be fully informed and equipped when it comes to risk management, measuring, and evaluation. 

A cyber risk assessment is a document of an organization’s process of identifying digital assets, detailing potential threats, determining the likelihood of a data breach, and establishing controls to mitigate those risks. This document works to keep stakeholders informed, support proper responses to identified risks, and provide an executive summary to aid in security decisions. 

Risk assessments are a key part of becoming cyber resilient, but it can be difficult to know where to start. This article will walk you through when and how to conduct an effective cybersecurity risk assessment.

code

When should you perform a risk assessment?

All cybersecurity strategies should start with a risk assessment

A cybersecurity risk assessment is the foundation upon which everything else is built. Engaging in detailed asset management, review, and control-setting practices arms the organization with all the information it needs about its IT landscape and all the associated risks. 

This can be time-consuming, but it is a necessary process. Without this solid foundation of knowledge, organizations may fail to implement the proper controls further down the line.

Yearly assessments keep you informed about potential threats

Most compliance regulations mandate that organizations review their risk assessment at least once per year. Organizations should document this annual review by taking the minutes during a risk assessment meeting to prove their compliance. 

Don’t wait for a reason to do your yearly check. For example, if there was an issue with your outbound call center solutions, it would be preferable to identify the risk early during a routine check, rather than while doing damage control after a customer data breach.

When adopting new tech or systems in your organization

When planning to make any significant changes to your IT stack, it is important to formally review your cybersecurity risk assessment. While the definition of “significant changes” is subjective, it’s best practice to review after introducing any innovative technology which alters your infrastructure and could open your system up to new risks. 

For example, when onboarding new virtual PBX solutions, organizations should review their cybersecurity to make sure no sensitive data will be compromised in the transition to a new method of communication. Similar events triggering the need to review risk would include the addition of a new firewall provider, or the migration of a database from on-premises to cloud.

Following major changes such as mergers or upgrades

Structural changes, such as one company merging with another, can cause increased security risks. With operations in transition, high-value data becomes more vulnerable to threats. In Devsecops IT culture, responsibility for delivering secure software is shared between development and operations teams. 

When businesses merge, then, this becomes a collaboration between the development and operations teams of multiple organizations – allowing more potential for malicious actors to disrupt the transfer and sharing of data. 

It is important, therefore, to conduct thorough risk assessments and identify additional measures which need to be in place during the period of change.

meeting

After security incidents to determine and prevent breach

When a security incident takes place, a risk assessment is a crucial tool. It’s important to investigate root causes and try to get to the bottom of what went on as swiftly as possible. You want to gain a thorough understanding of the specific vulnerabilities and weaknesses in the existing system which allowed the breach to occur. 

These insights will be valuable for the continuous improvement of your security system – they tell you what needs to be fixed to prevent the same incident in future. The risk assessment document will also be useful for legal proceedings, insurance claims, and compliance reports, and for ensuring transparent communication with affected parties.

How to conduct an effective cybersecurity risk assessment

Determine the scope including assets, systems, and data

The first step is about identifying assets and determining the scope of the assessment. Thanks to visibility issues in increasingly complex systems, this is often the most difficult part of the process. For instance, as businesses move from monolithic to microservice architecture (here’s a good monolithic application example), data becomes spread across a larger application comprising multiple independent databases and modular services communicating via APIs. 

Start by listing valuable assets. This includes all devices on the network, company and customer data, and every location which stores, processes, and transmits data. For each one, gather information such as its purpose, end-point users, network topology, security controls, and functional requirements. 

Additionally, you should identify risky users which may increase security risk. You’ll need this comprehensive list of all assets and users later on when making decisions about which assets to prioritize.

laptop and mobile

Evaluate and test infrastructure vulnerabilities and weaknesses

A vulnerability is a weakness which could be exploited to steal data or otherwise harm the organization. Threats include system failure, human error, and adversarial threats like hackers and malware. Organizations must guard themselves against unauthorized access, data leaks, and misuse of insider information. 

But evaluating weaknesses is not just about what “could” happen; it is a realistic assessment of what is most likely to happen based on the current security infrastructure. Vulnerabilities can be found and tested via vulnerability analysis, auditing, and software security analysis.

Classify data based on sensitivity and importance

Now you know which assets you are protecting, and which weaknesses need to be patched. Armed with this information, you can categorize your organization’s data according to its sensitivity and importance. You’re looking for critical data that would have the most significant impact on operations and stakeholders if it was to be compromised – in terms of money, reputational damage, and customer trust. 

You should also keep in mind which data is in the most precarious position, based on the vulnerabilities and weaknesses you have identified. Think about how bad the impact of a breach would be, but also how likely such an event is. 

So, if you had a database valued at $50 million. In the event of a breach, you estimate that at least half the data would be exposed before it could be contained, meaning a loss of around $25 million. 

However, if this is an unlikely possibility – say, a one in fifty-year occurrence, this would be equivalent to losing $25 million every 50 years, which translates to half a million per year. This estimation is extremely helpful when setting the annual budget for your data security program.

Assess your organization’s regulatory compliance

You also need to think about compliance risk: would a data breach lead to a compliance violation? If there are fines or penalties involved, this would be an expensive mistake. Conduct a thorough review of all security operations to identify any areas where you are not fully compliant with necessary regulations. 

One of the reasons compliance is so difficult is that businesses often have data spread across so many devices, storage systems, databases, and networks that it is hard to look at every aspect of the system at once and identify shortcomings. Using a data warehouse, you can access current and historical data from multiple sources in one place for easier insights and reporting.

compliance

Develop a risk mitigation plan for identified vulnerabilities

Based on the data you have collected, create a comprehensive risk mitigation plan. This should include strategies to address each vulnerability you identified, be it technical solutions, process improvements, or alternate measures that minimize the likelihood and impact of a potential security incident. 

Risk mitigation controls are your first line of defense. For vulnerable devices, typical controls  include installing anti-virus software, encrypting data, updating security patch policy and processes, and hardening systems. In terms of storage, processing, and transmission risk, mitigation controls may be things like virtual private networks (VPNs), firewalls, or network segmentation. 

There are also user access mitigation controls, such as limiting access according to privilege, using role-based access controls (RBACs), implementing multi-factor authentication (MFA), or even passwordless authentication

The more specific you can be about the necessary fixes, the better. That’s why the identification stage was important: you should have a detailed understanding of your entire digital ecosystem. For example, best practices when mitigating threats in CI/CD environments will be different to traditional on-premise systems. Understanding these nuances allows for the implementation of mitigation controls specific to the situation.

Provide cybersecurity awareness training for employees

Just as you offer training on more basic IT concepts to answer employee questions such as what is a data warehouse, you should absolutely train your staff on cybersecurity. Don’t let human error be a bigger factor in cybersecurity incidents than it has to be. 

Make sure your teams are up-to-date on the latest phishing scams and best practices to stay safe. Educating everyone on the importance of cybersecurity empowers individuals to keep their own devices secure, supporting and enhancing the overall security posture of your company.

Evaluate the security practices of third-party partners

It is vital to ensure that third-party partners, suppliers, and vendors meet the same security standards as your organization. Assess cybersecurity practices of all external partners, establish clear guidelines, and schedule regular assessments. 

Moreover, with the increasing prevalence of AI in communication industry solutions, it is especially important to access the practices of partners leveraging artificial intelligence. Understanding the associated risks and implementing appropriate security measures is key to safeguarding sensitive information in AI-powered platforms or communication tools.

Maintain records of risk assessments and actions taken

The process of undertaking a risk assessment is valuable, but equally important is the documentation of the process. Businesses need to keep thorough records of each risk assessment, detailing assets, vulnerabilities, mitigation controls, and actions taken. This record is a useful tool, not only serving as a reference for future security risk assessments but also supporting compliance reports and future audits.

Conclusion

By investing the time to identify and document all assets, weaknesses, and mitigation controls, you can be sure to conduct an effective cybersecurity risk assessment. However, this is not a static document. 

You should be continually updating your risk assessment to keep up with the dynamic and evolving risk landscape. Continuous monitoring and improvement are key to remaining vigilant against cyber threats.

NEW Developer Nation survey is live. Participate and shape the trends in software development. Start Here!

jessica true
Jessica True – Senior Director, Marketing Strategy & Operations, Dialpad

Jessica True is the Senior Director for Marketing Strategy and Operations at Dialpad, a modern business communications platform that takes every kind of conversation to the next level—turning conversations into opportunities. Jessica is an expert in collaborating with multifunctional teams to execute and optimize marketing efforts, for both company and client campaigns. Here is her LinkedIn.
Categories
Community Tips

Top Tips to Successfully Write API Documentation

Whether it be a sound system or PC, you’d expect any recently purchased tech to come with an instruction manual for setup, installation, and operation, right? Well, the same goes for APIs. If your development team builds an API, you must write API documentation to guide development teams and end-users through setup and operation.

If you need a quick refresher, an application programming interface (API) is a software intermediary that enables communication between two different pieces of software. 

API documentation is the set of instructions describing how developers can set up, integrate, and use this software to meet specific needs. It should include code samples, functional details, API call examples, and more. 

For third-party apps, 38% of developers cited documentation and sample code as the second most important characteristic of a high-quality API, preceded only by security.

Third Party APIs
Image sourced from Developer Nation

So, how do you write API documentation successfully? Here’s everything you need to know.

Who needs to write API documentation?

Traditionally, the software developers who build the API are responsible for writing API documentation. And it makes sense — the creators of the API have intricate knowledge of how the API works. However, this has its downsides.

Writing is an underrated software development skill that many developers fail to hone. Consequently, they may struggle to write clearly and concisely, leaving the API document full of technical jargon that’s difficult for non-developers to comprehend. Plus, because software developers are so busy developing the API, documentation may be rushed or left until the last minute. 

Instead of burdening developers, many businesses are turning to technical writers. 

With a background spanning both content writing and technical expertise, technical writers understand how to adapt complex technical subjects into easily understandable formats. Using the information supplied by developers, they can write clear, accessible, and engaging API documentation.

For software developers, this is a huge benefit. Rather than waste time writing lengthy documents, they can gear their focus towards API development in alignment with your wider enterprise transformation roadmap. Faster builds, better APIs, and accelerated time-to-value.

But what exactly goes into an API document? Let’s take a look.

What does API documentation include?

Of course, what you include will vary depending on the data engineering platform you use, the type of API that you’re creating, and the use case of the API. But regardless, there are several key pieces of information that every API document needs.

Examples for each API call, parameter, and response

An API document needs to show examples of every API request, response, and parameter. This enables developers to visualize how the API works and understand how to interact with it.

Code samples for popular languages

Code samples give developers a headstart when they’re first using your API. They can copy and paste this code, alter it to meet their specific needs, and refer back to it if they want to utilize a particular feature or remember an endpoint function.

Ideally, you should  add code samples for every language that your API supports. At minimum, you need to include the most popular languages – the top three to date being JavaScript, Java, and Python.

Programming Languages in Q1 2023

Image sourced from Developer Nation

Details of API requests with error message samples

APIs should be configured to display error messages as needed. Your API documentation therefore must include examples of the different types of error messages, alongside an explanation of what they mean and how to resolve the issue.

Top tips to successfully write API documentation

How do you write API documentation that’s accessible to junior and senior developers alike? Here are some of our top tips.

Maintain a consistent style and tone

All good pieces of writing — from novels to technical documents — must maintain a consistent, coherent style and tone. Why? Because if your style and tone are all over the place, readers won’t trust you. They might question your credibility and authority, or become confused and disengaged with your content.

Generally, the tone of API documentation needs to align with its purpose — to inform and educate the reader. So, the tone should be factual and relatively formal to establish authority and credibility. That said, don’t overdo it. A laid-back, approachable tone helps you build a relationship with your reader and provides clarity to your communications.

Remember, consistency is key. Identify your style and tone and aim to maintain it throughout your documentation.

Prioritize clarity over technical jargon

API documentation should be the first point of call for end-user queries. Users should be able to refer to it before they get into contact with your IT helpdesk team or virtual agents. (What is a virtual agent? It’s software that provides an interactive, automated service to end users who have questions relating to your product). 

For this reason, API documentation needs to be clear and accessible for both beginner coders and seasoned developers. 

Prioritize simple, plain language over technical jargon. Avoid fluffy, long-winded descriptions in favor of to-the-point explanations. And use short, easily digestible sentences to improve document clarity.

Organize content with clear headings

Another way to improve clarity is to organize your content with clear headings. Readers should be able to quickly jump to the section of the document that they need without having to trawl through mountains of text.

hands on keyboard

The easier it is for users to navigate your document, the faster they get the answers to their questions – and the more likely they are to continue using your API.

Offer step-by-step guides for a quick start

Quickstart guides teach users how to use your API straight away by providing step-by-step instructions for common scenarios and functions. 

Start by identifying the most common use cases for the API. From there, walk users through how to use your API to complete specific tasks, providing code samples for each scenario.

Implement effective versioning strategies

The accuracy of your API documentation is heavily dependent on your versioning strategy. If you make a change without documenting it — even if it’s a minor update — your end user can experience significant issues.

Create an effective versioning strategy by implementing the following actions:

  • Automate the process using an API documentation tool that can read source code changes and update documentation in response.
  • Communicate in advance when updates are going to happen.
  • Allow for backward compatibility so that users can still use old versions of your API.
coding

Proofread and double-check for typos

While the odd typo might feel like no big deal, spelling mistakes and grammar errors can ruin the reader experience. It can make your documentation difficult to understand, resulting in misunderstandings that reduce the quality of your document. It may even turn users off your business completely.

After writing your documentation, perform a thorough proofread. As a best practice, get someone other than the person who wrote the document to do the proofreading, as even the most experienced writers can fall victim to typo blindness.

Emphasize the use of security measures

As well as communicating the security skills and measures that developers can utilize to reduce the risk of data breaches, you also need to practice what you preach. In your API documentation, assure end users that you prioritize data privacy by emphasizing security measures such as:

  • Authentication and authorization
  • Access controls
  • SSL/TLS encryptions and signatures
  • API gateways
  • Vulnerability testing
  • Regular security updates and patching
  • Activity monitoring 
  • Remote access controls — click here to learn more about implementing secure remote PC access. 

Encourage user feedback and contributions

Your API documentation shouldn’t be a static document. That is, it should be regularly maintained to ensure that it’s consistently meeting the needs of your end users. 

Encouraging users to provide feedback and contributions can help you do this. It can bring to light information in your documentation that might be missing, inaccurate, or difficult to understand.

Feedback can be collected in a variety of ways — email surveys, website forms, phone calls, and so on. But you don’t even need to ask for feedback and contributions directly.  Using AI virtual assistant technology, you can discover the sentiment around your document, identify frequently asked questions, and illuminate potential contributions. 

For example, if lots of users are contacting your virtual assistant to ask what a specific error message means, it may be that you need to tweak this section in your API document to make it clearer for your readers. Or, it might be that you’ve missed the error message completely and need to add it in. 

Overall, it’s a reliable way to gather actionable feedback without pestering end users for contributions.

In Conclusion…

If your API doesn’t come with comprehensive documentation, nobody will be able to use it to its full potential. Even if your API is created for internal use only, poor documentation can cause significant issues for developers who rely on your API to perform critical operations.

To avoid misunderstandings, confusion, and churn, write API documentation that follows the best practices laid out above. Clarity and consistency are key, as is using quickstart guides and specific examples to walk users through the common use cases for your API.

Jenna Bunnell – Director, Field & Strategic Events, Dialpad

Jenna Bunnell is the Director for Field and Strategic Events at Dialpad, an AI-incorporated cloud-hosted unified communications system that provides valuable call details for business owners and sales representatives. She is driven and passionate about communicating a brand’s design sensibility and visualizing how content can be presented in creative and comprehensive ways. Here is her LinkedIn.
Categories
Community Tips

The ABCs of Technical Writing

technical writing


As developers, we have either had to write or read a technical article or documentation. What do you look for when you write/read an article? Is it the length of the article? Is the balance between theory and examples? In this blog, we will find out what makes a good article and how to write an effective one.

What is Technical Writing?

Before we dive right into tips and tricks for writing an influential article, let us understand what technical writing means and why we need it. To go by definition, technical writing is the practice of conveying complex technical information in a clear, precise, and understandable manner, often to inform, instruct, or guide an audience. Whether you are an individual developer or a professional technical writer, the goal is the same – Education.

Technical Writing Must-Haves

Now that the goal is defined, the next step is to work on actionable points to develop the concept for the article.

Here are some points that we should consider while writing the outline:

  • Clarity: Avoid jargon and overly complex language.
  • Conciseness: Avoid unnecessary filler content and get the information your readers need. Use bullet points, headings, and other formatting techniques to make content scannable.
  • Visual aids: Visuals, such as diagrams, charts, and screenshots, can help clarify complex concepts and make your documentation more engaging.
  • Accuracy: Ensure all technical information is accurate and up-to-date.
  • Consistency: Maintain terminology, formatting, and style consistency throughout your documentation.
  • Organization: Add a logical flow. Organize information in a way that guides the reader through the document effortlessly.

Tips to Write Better

Using the above must-haves, you should write an outline. Once that task is completed, writing the content is next.

Here’s some tips to make your content better:

  • Purposeful writing: Define a specific goal in mind while you start writing
  • Use of simple language: The purpose of a technical article is to explain a concept to the readers; using complex language will only push developers away. 

Things to have in your article:

-Using simple sentence structure  

-Using directives

-Breaking paragraph after every thought

  • Defining your target audience: Defining your target audience helps you decide the level of content. For example, if your target audience is beginners, it is better to write an introductory article with a simple example to follow.
  • Adding frequent checkpoints: To ensure you have your reader’s attention till the end, add checkpoints. For tutorials, you can use screenshots in between, and for leadership blogs, you can use questions/ discussions in between
  • Avoiding too many links: Adding links can help readers with more context, but you should avoid using too many. Instead, have a resources section with all the necessary links.

Using simple examples: Examples that do not require complex setups and are easy to follow

Resources

To perfect the article, we should always look up articles or docs that work well and are liked by the developer community.

Here’s a list of my favorite documentation:

  • Vercel: The developer journey in Vercel docs is very well-defined
  • Appwrite: Maintains consistency and caters to all levels of developers.
  • MongoDb: Uses the right amount of visuals and is very concise.

Categories
Community Tips

An Ultimate Guide to Web Application Security

web application security

If one thinks that they know it all about cybersecurity- this discipline was probably not explained appropriately to them.”- Stephane Nappo

With the rise of information technology, businesses have to opt for digital transformation. They leverage best-in-class web development languages to create applications that cater to the unique needs of users. Such apps gain traction and reach a wider audience from all over the world. 

But that traction can be harmful as it also attracts hackers. They exploit the weak aspects of the web application security or the vulnerabilities of your app to steal valuable dat a. This can cause some serious damage to business and their customers. 

More and more cybersecurity breaches are happening even in the government and large business organisations. The scale of harm such attacks inflict is only getting bigger. And in a time when eCommerce is booming, every customer and online store is at risk. Every digital payment system and its users are at risk. So what to do now? 

Business owners and developers need to implement measures that safeguard various aspects of web apps. Therefore, we present to you an ultimate guide on web application security.

Here, we will go through the basics of the concept, its importance, how it works and what best practices you can implement for its success.

What Is Web Application Security?

If any vulnerabilities are present in your app then cybercriminals can easily exploit it. Therefore, it becomes necessary to form web security policies for the protection of your apps. It helps you apply the best security measures like multi-factor authentication, maintaining privacy status and user state, WAFs, cookies validation and more. 

The purpose behind implementing these best practices is to validate all the user inputs. The purpose here is to identify the source of the user input and check if it is malicious or not. The input will be processed only if it is confirmed that it won’t be a security threat to the app or its data. 

Along with strengthening the security of their apps, users also need to keep an eye out for online threats that might corrupt their personal computers. If you are someone who works from home then nothing can provide you enough security than an anti-virus application. 

You have to identify the potential threats, formulate a strategy to handle them and follow it strictly. We will provide you with a few best security practices for your web apps but before that, we need to know why web app security is so important and how it works.

Importance of Web Application Security

From online shopping to digital banking, web apps are dominating in almost every field. But the popular ones also become an easy target. They are proficient at finding and exploiting the weaknesses or the vulnerabilities of the web app may it be in open-source code, a design flaw, access control, APIs or third-party integrations.

Attacks commonly targeted towards web applications include: 

  • Insecure deserialization
  • Cross-site scripting
  • Brute force
  • Cookie poisoning
  • Sensitive data disclosure
  • Credential stuffing
  • SQL Injection
  • Session hijacking
  • Formjacking injections

How Does Application Security Work?

Any approach you take to secure your web app will be about addressing any specific weakness or vulnerability. Web App Firewalls are utilised to monitor and filter the web traffic between an app and its users. This helps in defending against various cybersecurity attacks. 

These firewalls are configured with policies that help in determining which traffic is safe and which could pose a threat to the app. WAFs can do a phenomenal job of blocking malicious traffic. The purpose here is to prevent malicious traffic from reaching the app and accessing its confidential information.

Web app security best practices

1. Attack your website

The best defence is to attack. No, you don’t have to attack your attackers but your application. Knowing how your enemy thinks will provide you with the best protection. And your enemy thinks of attacking your web app. 

You can implement all the best security practices and tools you want but nothing can prepare you like actually simulating the attacks. An attack makes the weaknesses and vulnerabilities of your app visible.

You can hire experts to run such attacks in an isolated environment. It is to prevent inflicting any harm on business processes attached to the apps. You can do it for yourself but unless you are a cybersecurity expert, you won’t be able to do it effectively and hence you won’t get any good information from this approach. 

Non-technical people, beginners and amateurs can’t completely understand how security protocols work and where they fall short under attack. Therefore, you need to conduct various cybersecurity attacks like sensitive data leaks, XSS, broken authentication, DNS spoofing, SQL injection, CSRF and more under the supervision of an expert.

2. Invest in an SSL certificate

A Secure Socket Layer certificate will encrypt the data of your app and pass it through a protected network. This prevents hackers from seeing or intercepting it. 

Your app might have sensitive business and user information like usernames, passwords, addresses, bank details, credit/debit card details and more. Getting an SSL certificate will hide all that data from the attackers. 

Google has announced that every web app must have an SSL certificate if it wants to rank higher in its search engine results. 

It’s a simple technique that ensures the users of the Google search engine that the websites they will visit through search results will be completely secure. Now, if you want to provide a payment system on your app then you will need to obtain the PCI licence and for that, you need to have an SSL certificate. If you are wondering that with such importance, an SSL certificate might be expensive, then you are mistaken. It only costs around $8.00/year. 

3. Read and educate

Hackers can be lethal if your staff isn’t well-educated on the subject of cybersecurity. An educated staff is tough to fool even with social engineering attacks. 

You can get updates on the latest trends and technologies through popular blogs and YouTube videos. Your information must help you gain an edge over hackers. Uneducated users can easily fall victim to even non-targeted attacks.

4. Backup your data

Cyber attacks won’t come with a warning and they won’t even give you time to react. So, you have to regularly back up your data. It ensures that even if you lose against an attacker, you won’t lose your data. They might take down your site but if you have maintained a data backup, you can go live within a few hours. 

Now, where to back up your data? It is highly recommended that you use cloud-based storage devices. They are comparatively safer and are easily available in addition to hard drives which can be stolen or corrupted easily.

5. Scan your website

Attackers make malware scanner-proof but if you use quality scanners then you can detect and quarantine the threats that would have otherwise gone unnoticed and caused some serious damage. 

Therefore, on a regular basis, you must scan your entire website, maybe once a month to stay clear of cyberattacks. But threats are not always injected directly into the web apps, they might emerge through your computer too. Therefore, scanning your app alone is not sufficient, you must also scan your computer regularly. 

Scanning your web applications will help you find and remove potential threats and vulnerabilities.

6. Keep your software up to date

As your staff needs to stay updated with the latest trends, your software also needs to be updated. If you leave it be, your software will slowly become outdated and such apps can be easily compromised. 

Therefore, if you want to keep the attackers at bay, you have to keep updating your web apps. In some platforms, updates are done automatically, but some apps demand manual updates. 

So, look out for your app and update it regularly. Only an updated app can protect sensitive information from attackers.

7. Manage your passwords

Some people tend to forget complex passwords because it would be careless of us if we wrote them down somewhere. What if the attacker can get a hold of it? Well, every now and then, you can keep changing your passwords. But many people hate that too. 

Also, setting an easy password is not an option because it will be easier to crack. Now, you can apply constraints on your app while users set their passwords. It will help them set a difficult password. 

It advises users to utilise different characters, symbols and numbers to make a strong password. It is said that setting a 14-digit password is good as it makes it difficult to guess with brute force and bots. 

In addition to a strong password, a user can implement two-factor verification to strengthen the security of the application.

A 4-6 digit code is sent to the user for two-step verification. Only after entering that code, the user will be authorised to use or access the app. If after multiple attempts, the user fails to provide the authentic code, the app would automatically block the IP address of the user.

Final Thoughts

The online marketplace has become highly competitive. We won’t know which means a hacker would use to attack your web apps. It is the duty of the owner and the developer to fortify every wall, as the attack might come from any front. 

First, you have to secure the weak and vulnerable sections as we discussed in this blog. It will prevent them from exploiting any opening to your fort. 

Advanced arsenal can be of big help as the hackers also use modern attacks like DNS spoofing, CSRF, SQL injection, DDoS, and XSS. You not only need to know how these attacks work but also need to have advanced technology to nullify those attacks. 

I hope the insights provided in this article are helpful. Still, cybersecurity is a vast topic, and every app is a different case. Know your web apps well, know how they can be attacked and know how you can defend them. That’s the gist of the security best practices.

Categories
Community Tips

Elevating Your Code with Inclusive Design Principles

Elevating Your Code with Inclusive Design Principles

Web designers are essentially translators with artistic and creative objectives. They take design concepts and translate them into a programming language that various software can understand. This language or code in turn becomes the basis for a specific computer or web function.

In this way, web designers drive the creation and function of the digital programs and applications we use daily. They are directly connected to making the platforms that will allow others to access content, order products, check financials, connect with friends, and much more. Since these functions are valuable to such a wide user base, inclusion is a prominent concern of web designers today. 

Let’s dive into inclusive web design principles, how to integrate them, and why they ultimately benefit all users. 

Inclusive Design Principles

Inclusive web design goes beyond simply adhering to accessibility standards. Accessibility, according to the Web Content Accessibility Guidelines (WCAG), focuses on the nondiscriminatory user experience (UX) of people with disabilities. It ensures people with disabilities can equally access, navigate, and interact with web content. Inclusive design takes a more broad and overarching stance. 

Inclusive web design, sometimes referred to as universal design or design for all, partners with the situational discrepancies of diversity to ensure people from all backgrounds can utilize web resources. It is founded on the principles of accessibility, usability, and diversity or inclusion. To reach all audiences, it takes into account physical or cognitive accessibility, computer access, computer literacy, culture, age, education, and more. 

In action, these inclusive design principles have the power to benefit all end users. A great example is when Facebook focused on accessibility and usability by including video subtitles and captions for its video content in 2015. By 2016, according to Digiday, 85% of video views were happening with the sound off. Captioned videos not only helped users with auditory impairments but also users in myriad environments.

Integrating Inclusive Design Principles

One way to start integrating inclusive design principles is to do an accessibility and usability audit of your website or project. This is a simple way to check for synergy between developers and their UX since it’s easy to lose connection with what a general end user’s experience will be while designing. There are even web accessibility audit checklists that can be downloaded for use if you are unsure where to start with assessing your design. 

Testing your website or project with real end users is a vital next step to integrating an inclusive design. You must gather a diverse pool of users with varying abilities and backgrounds. Then focus on how your UX design is meeting user needs by analyzing their website journey. You can do this analysis through interviews, surveys, sitemaps, A/B testing, eye tracking, and other testing methods. Tests should reveal a non-biased picture of a site’s usability. 

Once you have audited your site and tested it for inclusion, you will need to address any discrepancies. This can be as simple as redoing code to add contrasting colors or include more descriptive image text, or it can mean a complete overhaul of your website. If it seems daunting, consider utilizing a UX design course to gain hands-on experience designing code with UX at the forefront. Gaining additional learning is an excellent way to elevate your coding to be more inclusive.

Benefits of Inclusive Web Design

Inclusive web design is useful to everyone. Intuitive design, contrasting icons, keyboard compatibility, voice-to-text, descriptive images or icons, and other coded elements serve every end user, regardless of their demographic. Essentially, inclusion should lead as the standard for designing universally beneficial web applications. 

Inclusive design is not only useful to most users; it is essential to those with temporary or long-term disabilities. According to the World Health Organization, over 2 billion people in the world live with a disability. Individuals who rely on assistive technology can only access about 10% of the websites on the internet meaning 90% of websites don’t meet minimum WCGA requirements. Since inclusion is built on the principle of accessibility, simple inclusive design structures make a world of difference to the billions of users who currently can’t access common online content. 

Inclusive design also benefits elderly users. According to the American Psychological Association, by 2060 the number of people over the age of 65 is expected to double to 98 million. Inclusive design can make technologies that help older adults — like banking applications, telehealth services, medicare websites, smart sensors, and more — accessible to this growing demographic. This benefits millions of users who may need navigation, visual, or auditory assistive technologies to access imperative online functions. 

Conclusion

Web designers utilize code to create the digital interfaces and functions that we use daily. In this role, they’re responsible for making applications accessible to a large group of real end-users. Inclusive web design — guided by the principles of accessibility, usability, and diversity — has the power to do just that. You can integrate it by auditing and testing a site or project and then altering the code to fit the UX needs of a diverse user base. 

Inclusive design principles in action benefit all users with more useful and easier-to-navigate functions. They are also essential to people with disabilities and older adults. In this way, inclusive design can elevate your code by making it more accessible and thereby valuable to your end-users. 

Categories
Community Tips

10 Expert Tactics For Ensuring Cross-Platform App Consistency

If you’re looking for some of the best practices to ensure cross-platform app design consistency, then you’ve come to the right place. This blog will cover all the aspects of maintaining consistency and how to build a fully functional application. 

App development is a vast field and comes with many challenges to face. One of the challenges is to keep the UI design sustainable on all the platforms. That is why designers need to perform multiple techniques and methods to ensure that apps are working perfectly fine.

Why Consistency Is Important in UI Design?

UI design is the most important element of any application as it grabs the user’s attention. The more seamless and clean the UI design the less frustrated the users get. 7 out of 10 apps get deleted because of their bad UI design.

So, again consistency is key, keep the UI design uniform and let the user control the accessibility and have full control over the app.

But first, let’s put light on the difference between the three app platforms.

A. How Are Cross-Platform Apps Different From Native and Hybrid Apps?

Businesses always demand an app that can work even on the old versions of Android and iOS. A large number of users have old smartphone models, so no user should be left out.

Only a designer can have the best knowledge of all three, so let’s see how they are different from each other.

Cross-platform  VS   Native   VS  Hybrid Apps

Each of them holds significance in app development, however, you can differentiate between them based on these parameters.

  • Performance 
  • Customization 
  • App Data Security 
  • Overall Cost 
  • Market Competition
Factors Cross-PlatformNativeHybrid Apps
PerformanceDepends on the frameworkNo limitation when it comes to speedHigh development speed
CustomizationCan be customized according to user experienceHas better UI capabilities because it can be customizedHybrid apps can be customized
CostBest for low-cost and limited-budgetHigh-costCost-effective
App data securityAble to protect the user dataComes with built-in security featuresProvides security to an extent with encryption
Market competitionDoesn’t take much time to buildQuite time-consumingSame as CP saves time, and has reusable code

B. These 10 Expert Practices Will Maintain Consistency

These tactics are straight from a professional Android app development company. However, to ensure consistency it can be applied on other platforms as well.

i – Screen Size Adaptability

Start off with the screen size, as the devices are of different sizes and resolutions. Apps should be tested back-to-back on all the devices to ensure the screen size fits all the devices.

ii – Multiple Device Test

Experts suggest that when apps are all set to be launched, they need to be tested by the quality assurance manager. As a result, this will keep the app free from bugs and errors that keep meddling the user’s way.

iii –  Keep it clutter-free

Mobile app UI design should be decluttered in the sense that when users find so many options and tap on one screen it fills the screen. This is another thing that designers should focus on to keep consistency.

iv – Work On Readability for Visual Consistency

Visual readability is the most essential of all, the whole app design will fail if it doesn’t attract the users. This includes; themes, fonts, color palettes, imagery, and icons. All of these are focused on ensuring the users don’t find any trouble with the outlay of the app.

v – Keep In Mind The Finger Taps

The more time the user spends on the finger taps the more annoyed they become. Finger taps should be friendly and fast, slow loading taps are frustrating and consume time.

vi – Intuitive App Navigation

App navigations are like finding a way on a map, but expert designers suggest that taps and options should be not hidden under layers of pages.

vii –  Platform Rules Should Be Followed

All three platforms have some rules to keep in mind, so as per experts, each app’s standard should be maintained pre- and post-launch of the application.

viii –  Readability

When designing cross-platform apps, if there is one factor that triggers the whole app user experience, it is Readability. As apps are developed for all screen sizes and resolutions, content should be readable without pressuring the user’s eye. Also, the content should be brief and not long paragraphs.

ix – Review UI Pattern For Internal Consistency

For internal consistency, all the app pages should be followed by a review to ensure that the app has a consistent pattern of UI allowing users to retain their memory and enhance their learning.

x – Research the platform For External Consistency

Lastly, no app can be developed on any of the platforms if it is not well-researched. All the apps have their standards set. So, in order to keep the elements consistent, research is the key. So, spend time on the practices followed by the professionals in many top app development companies.

C. Some Of The Best Frameworks For Cross-Platform Apps

These 3 frameworks are used widely by the developers of iOS and Android app development. 

i – Ionic

Developers create unique and attractive UI designs with Ionic.  They can even alter the code structure which helps them to make modifications in the app design anytime.

ii – Flutter

Flutter is another framework that is considered impressive for building apps for cross-platform applications.

Moreover, this framework doesn’t require continuous updating so that implies that it will help in maintaining a consistent UI design. Also, it can work on all sorts of new interfaces.

iii – React Native

No apps can be developed without having React Native on their hands. All the bugs and errors are fixed easily with it.  Besides, the reason why React Native is given much consideration is because it requires one code for all which saves developers a lot of time. 

Conclusion

These were some of the best expert tactics to ensure the UI design consistency of the apps.

Categories
Community Tips

How to Develop and Improve Collaboration in DevOps Teams

DevOps is becoming more and more popular in the world of business. By streamlining the development and IT management processes, DevOps reduces organizational silos and produces a better final product or service for the customer.

However, DevOps is fundamentally reliant on strong collaboration. Without honest, open, and easy communication and shared working practices across your organization, DevOps will just be a buzzword. 

If you want to introduce a true DevOps philosophy and culture to your organization, read on to learn how to develop and introduce collaboration in your DevOps teams.

What is DevOps?

DevOps refers to a set of practices and philosophies that aim to overhaul the culture of your organization – that means it’s quite difficult to get your head around what DevOps actually is.

It can be useful to start with an example. Let’s say, for instance, that you create a remote desktop software for iPad. Under a DevOps model, the people managing that software will be the same overall team that developed it. This means that any issues can be easily resolved as the management team will be true experts in the software.

DevOps is best thought of as an approach to software development and management that aims to overcome the gap between the planning and programming stage and the implementation and feedback stage. Rather than splitting the overall development process between a programming team and an IT team, DevOps creates one streamlined operation.

This can help you to draw on a wider range of expertise and skills, remove barriers to truly creative collaboration, and develop more effective operations.

In order for an organization to use a DevOps model, you must be prepared to break down the traditional divide between development and operations teams. This can take a range of different forms: you might choose to merge both operations together into one team or you might choose to integrate even more teams, such as those responsible for managing websites.

Why is collaboration so important in DevOps?

Why is collaboration so important in DevOps?

Because DevOps is all about getting previously separate teams to work together, it shouldn’t be a surprise that effective collaboration is what makes or breaks a DevOps model.

As automation – tools that make DevOps easier by automating processes previously divided between development and operations teams – is a key part of DevOps, some companies prioritize automation over collaboration. However, you have to remember that the tools are only as good as the people who use them.

Collaboration and communication is important from the very beginning of a transition to DevOps. That’s because people are naturally resistant to change – explaining why you’re overhauling existing organizational structures can create buy-in among employees. At the same time, you should show how collaboration can work in practice to produce better outcomes.

Without effective collaboration running through your DevOps team, you can probably assume that your processes will soon end up simply operating as before: divided between development and operations teams.

How to improve DevOps collaboration: a step-by-step guide

If you’re using a DevOps structure, therefore, it’s pretty clear that you need to always be developing and improving collaboration. Without this, you won’t be seeing any of the benefits that come with DevOps. So how can you improve DevOps collaboration in your organization?

1) Identify any clear collaboration problems

Before you start making any changes to your DevOps processes, you should take a step back and consider what is already working well and what can be improved. If there are any immediate issues, such as problems with your online telephone service that prevent engineers from working with each other, you should prioritize those.

You should also talk with employees from across the DevOps team. Their experiences will dictate what you need to focus on as you look to improve collaboration. You could also use business analytics tools to establish the effectiveness of collaboration in your organization.

2) Increase the visibility of everyone’s work

Increase the visibility of everyone’s work

If you want people to work collaboratively on a project, they need to actually be able to see the work that is being done. Improving visibility should be a key part of any DevOps model – engineers should be able to see what each other is working on and the levels of progress across the team so that they know who to offer help to.

For some developers, this can be a daunting step. After all, it’s easy to feel protective or embarrassed about work in progress. However, full visibility will let everyone learn from what others are doing.

Achieving full visibility in the technology sector can be difficult. Despite this, you can improve visibility by finding a workflow software that lets the entire team see test results, feedback, and ongoing development. By encouraging engineers to download remote desktop connection tools, your team will be able to have visibility of each other’s work from anywhere in the world.

3) Remove barriers to information

In the traditional model of using separate development and operations teams, engineers who produced a piece of software wouldn’t have had access to most of the information about how that software worked in practice. This had a detrimental effect on their future work, as they couldn’t learn from their earlier efforts.

That’s why an important principle that supports any DevOps culture is free access to information. This is obviously true for information such as testing results but should also apply to your overall culture and mindset: if you work in an office, keep your door open during meetings.

While you’ll have to be careful to consider privacy and security regulations, try to grant open access to your data for all DevOps engineers. By having the same information to draw on, your engineers will find collaboration much easier.

On top of this, consider communication tools like transcription software. These can remove barriers for the entire DevOps team by ensuring everyone has access to notes from meetings and can search for and edit past meeting notes in collaborative documents.

4) Celebrate bravery

Celebrate bravery

Collaboration can be an intimidating concept, especially if your developers are used to working in small siloed teams. That’s why creating a culture of collaboration is so important. One great way to do this is by publicly celebrating those engineers and developers who were brave enough to experiment with other engineers.

You should point out that collaboration is often a risk; developers will be worried about failing publicly. Celebrating the process of collaboration – even if the outcomes are failures – can be a really powerful way to develop a collaborative mindset among your DevOps team.

This culture of collaboration is also important when it comes to hiring; you shouldn’t just rely on technical screening. Instead, look for potential employees who are able and willing to collaborate effectively.

5) Mix up your teams

Many companies fail at DevOps by pursuing a DevOps model in name only – they don’t actually integrate the development and operations teams. Sometimes, building a successful DevOps team will require you to specifically diversify the subteams that deal with certain problems.

If you’re new to DevOps, you might want to buddy up developers with operations engineers. Forcing them together will encourage a collaborative practice to develop, while also speeding up the process of integration between the two teams. You should carefully consider the different skills of your employees and buddy up those with contrasting experiences and strengths.

It’s also important that you consider how to have a varied range of perspectives across your DevOps team. With remote working tools like RealVNC becoming more and more sophisticated, you can hire the perfect people for your team without having to worry about their location – this means that you can easily diversify your DevOps team as you grow.

6) Cultivate a DevOps mindset from the very top

Cultivate a DevOps mindset from the very top

Whether you’re a developer or engineer working in a DevOps team, or a member of your company’s management team, you have a responsibility to grow the DevOps mindset through your words, actions, and working processes.

This is especially important for leaders – they should model what good collaborative work looks like in practice by being open, accessible, and approachable. They should respect the insights of every team member and encourage them to put forward their views and opinions.

An important part of encouraging the DevOps mindset from the top of the organization is by providing opportunities to upskill your employees. This can let team members who originally worked solely as early-stage software developers build skills that are more applicable to the holistic and integrated environment of a DevOps workplace.

This will help to grow a collaborative DevOps mindset as employees will feel more confident and secure in their own skills, meaning that they’re more willing to risk failing publicly by working collaboratively.

Collaboration: the key to a successful DevOps mindset 

If you want DevOps to be more than just another buzzword in your organization, it’s vital that you find ways to develop and improve collaboration between your software developers and engineers.

Our guide to collaboration in DevOps will help you achieve this. By increasing visibility and removing barriers to information, some of the practical issues hindering collaboration will be overcome.

You can then start to focus on growing a collaborative mindset among your employees. Start celebrating collaborative work and model this from the top – soon, you’ll have a successful DevOps team working in harmony!

Categories
Community Tips

The Future of Front-End Development: Don’t Get Left Behind

Front-end development is really the closest coding gets to connecting directly with users. Every choice you make impacts the experiences people have with websites and mobile apps. This makes your skills and creative perspectives as a developer extremely valuable to organizations that need online resources. Which, let’s face it, is pretty much every organization today.

That said, the digital landscape is constantly changing. To keep being successful as a developer, you need to have a good understanding of what the future of front-end is likely to be and how you can navigate it. Let’s dive a little deeper into this issue.

In-Demand Features and Tech

As a front-end developer, one of the keys to not getting left behind is to embrace the technology and features that clients are prioritizing. This isn’t just the elements that are popular now, but also those that are likely to demand in the foreseeable future. Nobody’s expecting you to be both the master of all skills and a technological Nostradamus all rolled into one. Nevertheless, there are a few areas of front-end dev it’s worth keeping on top of.

Chatbots

Businesses are increasingly considering chatbots to be a front-line customer service and informational tool. It is, therefore, important to be adept in making conversational platforms that are relevant to specific clients’ individual needs and integrating these into websites. There are various platforms to help with this, including DialogFlow, which uses Google’s natural language processing (NLP) tools to support voice and text-based conversations.

Offline accessibility

Businesses naturally want their consumers to be able to engage with their web resources or apps easily and conveniently. Unfortunately, low network connectivity and dropped signals can disrupt this. One of the solutions is establishing offline accessibility. This is why it’s important to know how to implement effective caching, data storage, and information retrieval procedures. They let users interact with resources to some extent until connections have been restored.

Autocoding

Artificial intelligence (AI) driven coding tools can’t replace the creativity of developers. Nevertheless, it’s worth considering that autocoding platforms can be tools for efficient development. Starting to identify where to strategically automate some aspects of coding can streamline processes. On one hand, this gives you space to dedicate your attention to creative and problem-solving aspects. On the other, it makes you a more agile contributor for clients whose needs can change quickly.

Developing Collaboratively

As a front-end developer, it can certainly feel as though you’re operating pretty independently. Nevertheless, there are ways you collaborate on projects. This can be with clients or back-end developers, among others. These collaborations are likely to continue being important in the foreseeable future. To be left behind, you need to stay on top of how the nature of collaboration is likely to change.

Some of the aspects to be aware of include:

  • Collaborating remotely: One of the great advantages of the digital landscape is that companies have access to talented contributors across the world. This means that collaborating remotely, potentially between different time zones is likely to be key to your future in front-end development. Start getting familiar with tools that make these easier, like project management platforms and digital whiteboards for asynchronous ideation.
  • Collaborating in the metaverse: Virtual spaces are looking increasingly likely to be the future of online interactions. Therefore, you’ll need to start exploring not just how to develop for the metaverse, but also how to meaningfully collaborate with others within it. It’s wise to start testing out platforms for ideation meetings and perhaps even prototyping. Importantly, learn how to maintain the security of the data and ideas you’re sharing with others in these spaces. 

Additionally, no matter how you approach your collaboration, communicating your plans and ideas will always be vital to success. After all, there are various stakeholders connected to your front-end development and your actions in any project can impact those of other people. Mistakes here can cause conflict and may affect clients’ and other collaborators’ buy-in to your ideas.

Therefore, you need to adopt effective strategic plan communication measures. These include taking the time to suggest regular all-hands meetings that allow everyone to stay informed about the details of the project and feel meaningfully involved. You can also provide greater clarity on the goals and details of the development project with engaging visuals rather than just text explanations.

Maintaining Your Abilities

Not getting left behind in the future of front-end also means understanding that you need to pay attention to how effectively you’re functioning. There are likely to be challenges ahead that you’ll need to navigate. As a result, paying some attention to maintaining your ability to be a technical and creative contributor is essential. This isn’t just good for your professional efficacy, but also for continuing to enjoy what you’re doing.

Start by committing to seeking out opportunities to upskill. Even if you’ve already achieved a high level of development aptitude, there are always areas for improvement and diversification. Importantly, research into in-demand features and tools can give you the data to target the most relevant abilities. Perhaps above all else, be open to following your curiosity.

Another key to maintaining your abilities is to be aware of potential health risks associated with your work and mitigate them. For instance, computer vision syndrome (CVS) is an eye condition that can arise from prolonged screen time. This is due to strain from repetitive eye movements, closeness of screens, and even exposure to blue light. Be mindful of symptoms of such conditions, like regular headaches or light sensitivity. Importantly, take preventative steps by scheduling regular screen breaks and optimizing your computer setup.

Conclusion

Understanding the future of front-end development can help you more effectively prepare for it. This can include getting to know the likely in-demand features and tools, alongside best practices for working collaboratively as the landscape changes. Nevertheless, it’s important to understand that you can’t guarantee what the future will hold. Stay on top of industry news and have conversations with your professional network. This can help you to catch the early signs of changes so you can adapt in good time.

Categories
Community Tips

Navigating the New Era of Learning: Top Generative AI Books for Programmers

Hello, we’re Computer Science Professors Dr. Leo Porter and Dr. Daniel Zingaro. We’ve dedicated our careers to helping students succeed in programming and computer science courses. There are approaches we know are effective in teaching novices, such as learning from worked-out examples and using real-world problems that resonate with students. When we’re reading a book, we’re always thinking: will this book help people learn? Does it use what we know about learning to serve as an effective teaching aid? Can we use this with our students? Can we for once stop analyzing the book and just read for fun? (The answer to that last question is, unfortunately, ‘no,’ 😀 We can’t help it!)

With massive changes happening due to generative AI tools like ChatGPT and GitHub Copilot, you won’t be surprised that there’s a swarm of new books that use generative AI to teach programming to beginners or to enhance what programmers can do.

In this article, we wanted to cover our top four generative AI books that are being published by Manning Publications.

Special Deal! Get 35% Off all Manning Products at checkout with code bldevnat23 @ Manning.com

Introduction to Generative AI
Introduction to Generative AI: An ethical, societal, and legal overview Numa Dhamani and Maggie Engler

We know, we know: you just want to use generative AI to supercharge your programming productivity. We want that, too! But we’re at the dawn of a programming revolution here, and we strongly encourage you to take the time to understand the ethical and legal concerns wrought by generative AI. 

What happens when generative AI models ingest objectionable speech or personal data? Why are these models apt to produce hallucinations, and why should we care? Why is it so difficult to address bias in machine learning? What is the critical role that human feedback plays in LLM training, and what are the associated costs to humans? Does generative AI’s use of copyrighted work fall under fair use?

As informed end-users of generative AI, it’s up to us to answer these questions–to understand what data we might be using, how that data was produced, and the societal and ethical impacts of these tools. This book helps us toward those answers.

We appreciate that many claims in the book are supported with references that the reader can check for additional details. We also benefited from numerous powerful examples throughout the book, such as racial bias in movie sentiment scores, a ChatGPT data breach, and a famous virtual influencer.

We’d also like to emphasize that while the focus of the book is on the responsible use of generative AI, there is also a non-mathematical overview coverage of how generative AI tools work, which we suspect will be of interest to many readers. For example, you’ll learn more about many concepts you’ve probably heard about in passing, such as foundation models, fine-tuning, emergent properties of LLMs, zero-shot and few-shot learning, and chain-of-thought prompting.

Finally, we applaud the balanced discussion of the pros and cons of synthetic media, the ways that LLMs are and will be misused, the ways that professionals are using LLMs and–of course!–the coverage of the impacts on education.

Dhamani and Engler’s Introduction to Generative AI is a must-read foundational guide not only to understand how generative AI works but also to understand its broader societal implications.

Learn AI-Assisted Python Programming
Learn AI-Assisted Python Programming: With GitHub Copilot and ChatGPT Leo Porter and Daniel Zingaro

The two of us (Daniel Zingaro and Leo Porter) wrote this book because we believe that the way new programmers learn to program has changed dramatically now that generative AI is here. We’ve both taught thousands of students to program over the years and a lot of our time needed to revolve around teaching syntax, which is the ways that words and symbols are put together to create programs that run. But generative AI handles syntax extremely well (which is a good thing, because many learners find syntax boring and frustrating). So, in writing this book, our guiding question was: what are the main skills that new programmers need to learn now?

In this book, written for absolute beginners, you’ll be writing programs that work from day one, in contrast to the before times when you would have had to learn lots of syntax first. You’ll learn how to test code that comes from the generative AI to check whether it is correct, break down large problems into smaller bits that the AI can better solve, and use a debugger to trace your code very carefully to see what it’s doing. Oh, and you’ll be learning Python along the way, too, in case you need that for your resume 🙂

The Complete Obsolete Guide to Generative AI
The Complete Obsolete Guide to Generative AI
David Clinton

Why would you buy and read a book with ‘obsolete’ in the title? What the author is getting at with this irreverent title is that generative AI is moving so quickly that everything written about it will be obsolete quickly. We may as well understand the foundations of effectively interacting with these tools, which is what this book focuses on.

The book starts by explaining the background concepts you need to know when working with generative AI tools. What’s a token? What are the differences between all of those GPT models? What the heck is temperature and Top P?

You need Python experience to read this one. This isn’t a programming book, though. It’s a “let’s see what we can do with generative AI!” book. You’ll generate fiction (not very good fiction… yet?), generate book cover images, convert slides to videos, and quickly obtain summaries of boring meetings and long PDF documents. The book tours many powerful generative AI tools that you may not have been aware of–it goes way beyond what the general public is doing with ChatGPT.

The key takeaway of the book is that the best results come from pairing your domain knowledge with the explosion of content you can create with generative AI.

AI-Powered Developer: Build great software with ChatGPT and Copilot Nathan B. Crocker

OK — so you’re already a Python developer and you want to start using LLMs to rocket your productivity. How? By reading Crocker’s new book 😀

This book shows you how to use GitHub Copilot, ChatGPT, and Amazon CodeWhisperer (and when to use each). It assumes that you already know Python, and we further suggest that familiarity with building APIs in Python would be a plus.

Through its chapters, you’ll build an Information Technology Asset Management (ITAM) system, using generative AI for each step… from designing the system to writing the code, generating data, testing and managing the deployment, and helping with security. (Yes: generative AI is useful way beyond writing code for you!)

The pro of writing the book as one comprehensive example is that you see how a complete application is built and deployed with generative AI help. The cons are that it makes it difficult to jump around the book and that if you are not motivated by the chosen example then the book itself may not be as motivating as a collection of smaller examples. We need books of both types!

For us, the material on system design is of particular interest, because in our time working with generative AI, we have done the high-level design and left the low-level code to the AI. Crocker’s book shows that experienced programmers can indeed push generative AI into the design realm as well, including proposing designs, creating class diagrams for designs, and comparing and contrasting potential designs.

Whether you want to understand generative AI at a societal level, to learn programming from scratch “the new way,” to add generative AI to your programming toolbox, or to be inspired to use generative AI to … generate (sorry!) content, we’re confident that you’ll find value in one or more of these books.

Manning Publications is a premier publisher of technical books on computer and software development topics for both experienced developers and new learners alike.

Manning prides itself on being independently owned and operated, and for paving the way for innovative initiatives, such as early access book content and protection-free PDF formats that are now industry standard.

Categories
Tips

Passwords are DEAD, Let’s meet Passkeys and our new State of Software Supply Chain Security Survey 

passkeys blog thumbnai
Take the survey

Let’s get real. It’s a pain generating unique long alpha-numeric passwords and 2-factor authentications for every web or app service we use today, often ending up using the same old password (we can remember) across services and skipping 2fas if not enforced. Even if you use a password manager to generate and auto-fill your state-of-the-art strong passwords, you’re still vulnerable to attacks like Phishing, where a website looks identical to the one you are trying to access, although in reality it is a fraudulent copy -trying to use and steal your passwords as soon as they’re entered. 

Using a 2-factor authentication is handy in this situation. Still, it involves either SMS-based OTPs or authenticator apps like Authy or Google Authenticator for TOTPs, requiring cellular connectivity or installation of additional apps. Not to mention, if you lose your password manager, it will be a nightmare. 

Enter Passkey 

Passkey is a new passwordless authentication, standard by the FIDO alliance that aims to replace passwords and 2FAs, providing a faster, easier, and more secure authentication process.


Passkeys work on public-key architecture, generating public and private keys for each web or app service you use. The public key is saved on the web/mobile service server you intend to use, and the private key is kept securely on your local device, e.g. your Smartphone. Every modern smartphone processor today has a Secure Element which will generate and save these passkeys, which means not even  you can  read or directly access your private key. 

Whenever you want to authenticate on a service,- a signature generated from your saved public key will be sent to your device, and you can authenticate this signature using your private key + Biometric Authentication, e.g. your device PIN, fingerprint or Face ID. Once the signature from the public key and private key matches, you’ll be successfully logged in, meaning you don’t have to enter any password or OTPs, saving you from creeping eyes while entering your passwords in the coffee shops. The Private key never leaves your device, and you don’t need to remember everything, + it’s Phishing proof since Phishing sites won’t have your public key anyway 😉 

So, to actually hack you, the hacker will require your device + your fingerprints/FaceID, and I don’t wanna imagine that scenario anyway.

Passkey in Action

Every service you wish to use will generate a unique passkey that can be synced across all your devices using the ecosystem cloud sync, e.g. iCloud or password manager provided by your browser. You can also share your passkeys with devices and people you want. Hardware keys like Yubikeys can also be used to generate and save passkeys. If you’re on a desktop, you can still use your mobile device for passkey authentication using QR codes generated by the services while trying to log in. The QR code can then be scanned by your phone and finished with the passkey authentication. 

For businesses, it saves cost on OTP services you provide for your users, and it’s pretty easy to add support for passkeys in your web or mobile applications using already existing authentication APIs offered for all major platforms – iOS, Android, Chrome, etc.

To start with Passkeys, look at the services already supporting it at https://www.passkeys.io/who-supports-passkeys and join the Passwordless train.

Take the survey

Participate in our ongoing survey and share your thoughts to help us and our partners build a secure experience for You!